Hello,
I've already made a previous similar post but it's getting a bit old so I'm re-launching it.
I am currently developing an iOS application using AppCheck with AppAttest. I have read Apple's documentation on AppAttest to understand how it works. However, there is a part I didn't understand.
When the public key is to be shared, Apple will create a certificate to attest that this public key belongs to an official instance of my application. Here is what it says about this verification on the official website:
How does the Apple server identify that the key comes from an official instance of my application?
I can also rephrase my question as follows: How does the Apple server detect an unofficial instance of my application if the data it receives for this check comes from it directly (I assume and I am probably wrong) and can therefore be falsified?
Is this a secret process to which I cannot have access? This answer would also suit me.
Thanks for your attention!